Free Malware Removal Forum


My PC got infected and all Google search result items were being directed to adware sites. I've scanned my PC with McAfee Antivirus and Spy Sweeper, nothing seemed to work. Out of desperation, I also downloaded the latest version of AVG Free Anti-Virus. I think I've succeeded in removing some parts of the virus. The problem now is that certain unwanted programs (like "nutuhunu") keep getting added to my startup menu, and I can't get rid of it. Also, now when I click on Google search results, I'm directed to the legitimate websites, but Spy Sweeper alerts me that it has blocked my browser from being directed to an unwanted site. Finally, the PC is running very slow.

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

My name is xixo_12 and I will guide you to encounter the problem that you have now.

We will work together and I need your attention to read all those instructions carefully.

Refrain from running self fixes as this will hinder the malware removal process.

You may wish to print them off or copy the instructions into Notepad.

If you have any questions please don't hesitate to ask.

The instructions that I will give to you are specific to your current problem and shouldn't be used on other systems.

If you are receiving help or have received help on this problem elsewhere, please let us know.

Please post your replies to this thread only and keep interacting with me until your computer is clean.

Everything I post to you will be reviewed by an MRU Teacher. This process will impact my response time to you. Be patient. Please! If you need more time to do all the instructions, let me know before 72 hours is done. Otherwise, your thread will be closed.

First, I can no longer operate my PC in normal mode, the malware is causing my PC to constantly freeze and crash in normal mode. So all of the instructions that you have given me I have completed in safe mode. I'm still getting pop-up ads in safe mode, but despite the pop-up ads my PC is operable in safe mode.

1) Limeware: I had previously uninstalled Limeware, and I can confirm that it does not appear in my "ADD / REMOVE PROGRAMS" list. But I found some empty folders in my old Limeware directory which I have now deleted. My PC is now free of any Limeware components.

2) I have removed AVG Free 9.0 from my PC. As you recommended, I now have only one antivirus program running on my PC (McAfee).

3) I downloaded and ran CKScanner. As you requested, here is a copy of the CKScanner log:

Ask Toolbar
My Way Search Assistant
Spy Sweeper << You can reinstall after the system is clean
Spy Sweeper Core << You can reinstall after the system is clean

If some programs listed above are not present, please do not panic and proceed to the next step.

Next, Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware here and save to the desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Refer to above image and then click Remove Selected to proceed.

When completed, a log will open in Notepad. Please copy and paste the log back into your next reply

Note:

The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.

Next, reboot into normal mode.

Please let me know the result.

If you can't enter normal mode, please proceed in the safe mode for the next instruction.

Next, RSIT by random/random.

Please download from HERE and save to the desktop.

As you recommended, I have downloaded the necessary tools using an uninfected computer, transferred them to my infected computer with a flash drive and have performed the following tasks in my infected computer while in safe mode with no network connectivity.

1) Viewpoint Media Player: As you suggested, I have removed Viewpoint Media Player from my computer.

2) I attempted to remove the following programs as you requested, and I received the following error messages:

Ask Toolbar: When I attempted to remove Ask Toolbar from my computer, I received the following error message:
Error loading C:\PROGRA~1\ASKBAR\bar\1.bin\AskBar.dll
The specified module could not be found.

My Way Search Assistant: When I attempted to remove My Way Search Assistant from my computer, I received the following error message:
Error loading C:\PROGRA~1\MyWaySA\SrchAsDe\1.bin\desrcas.dll
The specified module could not be found.

Before I contacted your forum for assistance, I deleted the My Way Search Assistant folder, which might explain the reason for the above error message.

Disconnect from the Internet and close all running programs. There is a small chance this application may crash your computer so save any work you have open.

Double-click on Gmer.exe to start the program.

Allow the gmer.sys driver to load if asked.

If it gives you a warning at program start about rootkit activity and asks if you want to run a scan, click NO.

Click on >>> symbol and choose on the Rootkit tab.

Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.

Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".

Click on the Scan and wait for the scan to finish.

Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.

Important! Please do not select the "Show all" checkbox during the scan.

Move the file into the Program Files\Malwarebytes' Anti-Malware folder on the infected PC and double click the file to launch it.

Then Malwarebytes should run.

Note: If Malwarebytes' Anti-Malware still can't run, please rename the file to explorer.exe

Click on Update tab > Check for Updates.

Once done, click on Scanner tab, select Perform full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Refer to above image and then click Remove Selected to proceed.

When completed, a log will open in Notepad. Please copy and paste the log back into your next reply

Note:

The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.

Next, reboot into normal mode.

Please let me know if you fail to do this.

Proceed with the next instruction whether you succeed or fail at this step.

Next, RSIT.

Please run RSIT again to produce log.txt. It will overwrite the old log.

I successfully downloaded and ran MBAM in safe mode. After performing a full scan, it detected 39 infections. When I clicked "Remove Selected," it removed almost all of them, and then I received the following message:

Certain items could not be removed! The first few are listed below. All items that could not be removed have been added to the delete on reboot list. Please restart your computer now. A logfile was saved to the Logs folder.

C:\WINDOWS\SYSTEM32\doriyubi.dll
C:\WINDOWS\SYSTEM32\remubiki.dll

Your computer needs to be restarted to complete the removal process.

I restarted the computer (rebooting into normal mode) and the PC appears to be running normal.

Return to OTM, right click in the Paste Instructions for Items to be Moved window (under the yellow bar, Code box into OTMoveIt3 (1).) and choose Paste.

Click the red Moveit! button.

Copy everything in the Results window (under the green bar), and paste it in your next reply.

Close OTM.

Note:

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes.

In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next, CCleaner - Delete leftover

Double click the CCleaner shortcut on the desktop to start the program.

Computer Name: OAG
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

Computer Name: OAG
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
